Niklas Meyer
1926625297
Merge pull request #5711 from amorfo77/master
...
[Netfilter] set IP check more relaxed on NFTables.py
2024-02-08 12:36:03 +01:00
vicente
eb91d9905b
fix typpo in chain order message
2024-02-07 15:48:49 +01:00
vicente
38cc85fa4c
set strict=False
2024-02-07 15:36:04 +01:00
FreddleSpl0it
464b6f2e93
[Netfilter] fix redis logs
2024-02-05 09:47:19 +01:00
FreddleSpl0it
57e67ea8f7
[Netfilter] fix mailcow isolation rule for iptables
2024-02-02 17:40:44 +01:00
FreddleSpl0it
c941e802d4
[Netfilter] only perform cleanup at exit if SIGTERM was recieved
2024-02-02 12:57:21 +01:00
FreddleSpl0it
39589bd441
[Netfilter] only perform cleanup at exit if SIGTERM was recieved
2024-02-02 12:46:50 +01:00
FreddleSpl0it
2072301d89
[Netfilter] only perform cleanup at exit if SIGTERM was recieved
2024-02-02 11:08:44 +01:00
FreddleSpl0it
b236fd3ac6
[Netfilter] add mailcow isolation rule to MAILCOW chain
...
[Netfilter] add mailcow rule to docker-user chain
[Netfilter] add mailcow isolation rule to MAILCOW chain
[Netfilter] add mailcow isolation rule to MAILCOW chain
[Netfilter] set mailcow isolation rule before redis
[Netfilter] clear bans in redis after connecting
[Netfilter] simplify mailcow isolation rule for compatibility with iptables-nft
[Netfilter] stop container after mariadb, redis, dovecot, solr
[Netfilter] simplify mailcow isolation rule for compatibility with iptables-nft
[Netfilter] add exception for mailcow isolation rule for HA setups
[Netfilter] add exception for mailcow isolation rule for HA setups
[Netfilter] add DISABLE_NETFILTER_ISOLATION_RULE
[Netfilter] fix wrong var name
[Netfilter] add DISABLE_NETFILTER_ISOLATION_RULE to update and generate_config sh
2024-02-02 10:10:11 +01:00
DerLinkman
333b7ebc0c
Fix Alpine 3.19 dependencies
2024-01-09 11:17:52 +01:00
Peter
5896766fc3
Update to Alpine 3.19
2024-01-09 11:17:51 +01:00
FreddleSpl0it
3e40bbc603
Merge remote-tracking branch 'origin/staging' into feat/f2b-banlist
2023-12-11 12:27:14 +01:00
FreddleSpl0it
f4b838cad8
[Netfilter] update image & delete old server.py
2023-12-11 11:51:28 +01:00
FreddleSpl0it
86fa8634ee
[Netfilter] do not ignore RETRY_WINDOW
2023-12-11 11:38:48 +01:00
FreddleSpl0it
f39005b72d
[Netfilter] add nftables support
2023-10-30 11:54:14 +01:00
FreddleSpl0it
1537fb39c0
[Web] add manage f2b external option
2023-07-11 10:19:32 +02:00
FreddleSpl0it
65cbc478b8
[Web] add manage f2b external option
2023-07-11 10:13:00 +02:00
FreddleSpl0it
e2e8fbe313
[Web] add f2b_banlist endpoint
2023-07-10 13:54:23 +02:00
DerLinkman
70aab7568e
Changed maintainers to tinc (Dockerfiles)
2023-05-30 16:20:35 +02:00
Patrick Schult
fd0205aafd
Merge pull request #5127 from th-joerger/feature/bantime-increment
...
[Netfilter] Implemented exponentially incrementing bantime
2023-03-30 07:53:33 +02:00
Thorbjörn Jörger
096e2a41e9
Push verified options to redis after each check
2023-03-29 17:09:25 +02:00
Thorbjörn Jörger
e010f08143
verify options after loading them, set defaults if options are missing or invalid
2023-03-29 15:24:14 +02:00
Patrick Schult
3d2483ca37
Merge pull request #5093 from brunoleon/fix_snat
...
Fix SNAT never being added because of exception
2023-03-29 08:13:11 +02:00
Thorbjörn Jörger
5bc3d93545
log exception of redis pubsub subscription
2023-03-21 11:14:52 +01:00
Thorbjörn Jörger
1233613bea
implemented handling of max_bantime and ban_time_increment flag
2023-03-21 11:06:13 +01:00
Thorbjörn Jörger
0206e0886c
implemented exponentially incrementing bantime, removed active_window code that did nothing, cleanly initialized dictionary
2023-03-21 11:06:13 +01:00
Bruno Léon
f77c65411d
Fix SNAT never being added because of exception
...
Some firewall rule object (iptc) do not have a parameter
attribute, which results in an exception being triggered,
and the mailcow SNAT rule to never be created.
Firewall rules that trigger such exception are:
- -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
This commit just verify attribute presence, and skip the rule
properly instead of triggering an exception.
2023-02-27 12:04:32 +01:00
FreddleSpl0it
04403aaf70
[Netfilter] fix setting SNAT Rule if chain is empty
2023-02-17 13:15:44 +01:00
Niklas Meyer
50e9a3ec8a
Merge pull request #4835 from VermiumSifell/master
...
✏️ Fixed invalid regexs for banning.
2022-12-23 16:10:32 +01:00
DerLinkman
77f04d10c7
Update Base Images to Alpine 3.17
2022-12-01 23:02:03 +01:00
Vermium Sifell
a9871d05b2
✏️ Fixed invalid regexs for banning
2022-11-02 23:42:37 +01:00
Martin Wilhelmi
f34d3620b1
Remove trailing whitespaces
2022-08-22 22:16:01 +02:00
Martin Wilhelmi
70e99447f9
Fix adding same SNAT rule endless to the ipv4 POSTROUTING chain
2022-08-22 22:15:56 +02:00
Peter
d13be25f45
Update base image to alpine 3.16
2022-06-05 18:38:16 +02:00
Dmitriy Alekseev
6c5ab7800e
[Netfilter] Exclude banning IPs when dovecot server not reacheble
2022-04-13 13:01:58 +03:00
Niklas Meyer
fac8d9d28a
[Netfilter] Update to Alpine 3.15 + GeoIP Fix
...
Added xtables-addon to netfilter container to handle iptables rules with geoip
**Commited by: @marcvorwerk**
2022-01-21 09:22:25 +01:00
Niklas Meyer
9c7faa9fe8
[Netfilter] Update to Alpine 3.15
2022-01-20 10:11:39 +01:00
Marc Vorwerk
f16d36eb74
Added xtables-addon to netfilter container to handle iptables rules with geoip
2022-01-18 16:27:40 +01:00
Alex Beakes
a0b0d36e22
Fix pip3 uninstall error
2022-01-02 03:51:09 +03:00
Dmitriy Alekseev
819f2876e6
[Netfilter] Add non-SMTP command rule ( #4289 )
2021-10-08 12:38:29 +03:00
andryyy
19dda55d96
[Alpine] Upgrade to 3.14
2021-08-30 21:01:09 +02:00
andryyy
08e9ab18a8
[Netfilter] Implement protocol error regex, fulfills #4093
2021-05-10 08:44:34 +02:00
andryyy
edf1a4fb1f
[Netfilter] Exit on log line error in pubsub
2021-04-25 09:23:02 +02:00
monsterry
dfe43f56bf
[netfilter] Use exit code 2 if an error occurs ( #4040 )
2021-04-25 09:13:26 +02:00
andryyy
8eb757bea3
[Netfilter] Further improvements to catch invalid input
2021-03-23 20:53:04 +01:00
andryyy
8bf9ee8308
[Netfilter] Restart on invalid data via pubsub
2021-03-22 21:19:24 +01:00
andryyy
27b18373cc
[Alpine] Update Alpine base images to v3.13
2021-02-18 08:48:12 +01:00
andryyy
0884f42379
[Netfilter] Skip invalid regex
2020-08-27 21:13:30 +02:00
andryyy
d4dd1024c9
[Netfilter] Replace query by resolve (deprecated)
2020-08-27 20:50:22 +02:00
andryyy
d47652d7e4
[Netfilter] Reload regex filters from Redis
2020-08-27 20:42:20 +02:00